enable keepassxc secret agent
disable gnome keyring enable ssh agent encrypt keepassxc config because it contains secret agent keys now remove alacritty config
This commit is contained in:
parent
0abb32ef30
commit
17db8c152e
7 changed files with 23 additions and 118 deletions
|
@ -1,63 +0,0 @@
|
|||
pkgs: config:
|
||||
{
|
||||
# Gruvbox theme (https://github.com/alacritty/alacritty-theme/blob/master/themes/gruvbox_dark.yaml)
|
||||
colors = {
|
||||
primary = {
|
||||
background = "0x282828";
|
||||
foreground = "0xebdbb2";
|
||||
};
|
||||
|
||||
normal = {
|
||||
black = "0x282828";
|
||||
red = "0xcc241d";
|
||||
green = "0x98971a";
|
||||
yellow = "0xd79921";
|
||||
blue = "0x458588";
|
||||
magenta = "0xb16286";
|
||||
cyan = "0x689d6a";
|
||||
white = "0xa89984";
|
||||
};
|
||||
|
||||
bright = {
|
||||
black = "0x928374";
|
||||
red = "0xfb4934";
|
||||
green = "0xb8bb26";
|
||||
yellow = "0xfabd2f";
|
||||
blue = "0x83a598";
|
||||
magenta = "0xd3869b";
|
||||
cyan = "0x8ec07c";
|
||||
white = "0xebdbb2";
|
||||
};
|
||||
};
|
||||
|
||||
font = {
|
||||
normal = {
|
||||
family = "Hack Nerd Font Mono";
|
||||
style = "Regular";
|
||||
};
|
||||
|
||||
bold = {
|
||||
family = "Hack Nerd Font Mono";
|
||||
style = "Bold";
|
||||
};
|
||||
|
||||
italic = {
|
||||
family = "Hack Nerd Font Mono";
|
||||
style = "Italic";
|
||||
};
|
||||
|
||||
bold_italic = {
|
||||
family = "Hack Nerd Font Mono";
|
||||
style = "Bold Italic";
|
||||
};
|
||||
};
|
||||
|
||||
shell = {
|
||||
program = "${pkgs.bash}/bin/bash";
|
||||
args = [
|
||||
"--login"
|
||||
"-c"
|
||||
"${config.programs.tmux.package}/bin/tmux"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
config = {
|
||||
programs.alacritty = {
|
||||
enable = true;
|
||||
settings = import ./config.nix pkgs config;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
{
|
||||
General = {
|
||||
ConfigVersion = 2;
|
||||
};
|
||||
|
||||
Browser = {
|
||||
CustomProxyLocation = "";
|
||||
Enabled = true;
|
||||
};
|
||||
|
||||
GUI = {
|
||||
MinimizeOnClose = true;
|
||||
MinimizeOnStartup = true;
|
||||
ShowExpiredEntriesOnDatabaseUnlock = false;
|
||||
ShowTrayIcon = true;
|
||||
TrayIconAppearance = "monochrome-light";
|
||||
};
|
||||
|
||||
PasswordGenerator = {
|
||||
AdditionalChars = "";
|
||||
ExcludedChars = "";
|
||||
};
|
||||
|
||||
SSHAgent = {
|
||||
Enabled = true;
|
||||
};
|
||||
|
||||
Security = {
|
||||
ClearClipboardTimeout = 30;
|
||||
ClearSearch = false;
|
||||
EnableCopyOnDoubleClick = true;
|
||||
};
|
||||
}
|
|
@ -1,8 +1,11 @@
|
|||
{ pkgs, lib, ...}:
|
||||
{ pkgs, config, ...}:
|
||||
|
||||
{
|
||||
config = {
|
||||
home.packages = [ pkgs.keepassxc ];
|
||||
xdg.configFile."keepassxc/keepassxc.ini".text = lib.generators.toINI {} (import ./config.nix);
|
||||
homeage.file."keepassxc.ini" = {
|
||||
source = ../../secrets/keepassxc.ini.age;
|
||||
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, ... }: {
|
||||
{ pkgs, config, lib, ... }: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
@ -10,6 +10,8 @@
|
|||
time.timeZone = "Europe/Amsterdam";
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
services.gnome.gnome-keyring.enable = lib.mkForce false;
|
||||
|
||||
services = {
|
||||
xserver = {
|
||||
enable = true;
|
||||
|
@ -65,17 +67,21 @@
|
|||
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
dmz = {
|
||||
hostNames = ["*.dmz"];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
||||
certAuthority = true;
|
||||
};
|
||||
programs.ssh = {
|
||||
startAgent = true;
|
||||
|
||||
hypervisors = {
|
||||
hostNames = ["*.hyp"];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
||||
certAuthority = true;
|
||||
knownHosts = {
|
||||
dmz = {
|
||||
hostNames = ["*.dmz"];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
||||
certAuthority = true;
|
||||
};
|
||||
|
||||
hypervisors = {
|
||||
hostNames = ["*.hyp"];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
||||
certAuthority = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
BIN
secrets/keepassxc.ini.age
Normal file
BIN
secrets/keepassxc.ini.age
Normal file
Binary file not shown.
|
@ -14,4 +14,5 @@ in
|
|||
"common-pg-tfbackend.age".publicKeys = publicKeys;
|
||||
"ansible-vault-secret.age".publicKeys = publicKeys;
|
||||
"powerdns-api-key.json.age".publicKeys = publicKeys;
|
||||
"keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file.
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue